From jin@adv-pc-1.lbl.gov  Mon Dec 15 14:33:41 1997
Received: from adv-pc-1.lbl.gov (adv-pc-1.lbl.gov [128.3.196.189])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA22160
          for <FreeBSD-gnats-submit@freebsd.org>; Mon, 15 Dec 1997 14:33:41 -0800 (PST)
          (envelope-from jin@adv-pc-1.lbl.gov)
Received: (from jin@localhost)
	by adv-pc-1.lbl.gov (8.8.7/8.8.7) id OAA05522;
	Mon, 15 Dec 1997 14:33:40 -0800 (PST)
	(envelope-from jin)
Message-Id: <199712152233.OAA05522@adv-pc-1.lbl.gov>
Date: Mon, 15 Dec 1997 14:33:40 -0800 (PST)
From: Jin Guojun (ITG staff) <jin@adv-pc-1.lbl.gov>
Reply-To: jin@adv-pc-1.lbl.gov
To: FreeBSD-gnats-submit@freebsd.org
Subject: access permission on foreign disk fails
X-Send-Pr-Version: 3.2

>Number:         5305
>Category:       kern
>Synopsis:       access permission on foreign disk fails
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 15 14:40:00 PST 1997
>Closed-Date:    Tue Apr 21 17:13:51 PDT 1998
>Last-Modified:  Tue Apr 21 17:15:09 PDT 1998
>Originator:     Jin Guojun (ITG staff)
>Release:        FreeBSD 2.2.5-RELEASE i386
>Organization:
>Environment:

	FreeBSD 2.2.5-RELEASE i386

>Description:

	group and other access permission on foreign disk fail in
	2.2.5-RELEASE.
	It works on local disk. The Foreign file system is Solaris-2.6.
	

>How-To-Repeat:

# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 10(staff), 31(guest), 100(advdev), 144(iss)

[390] adv-pc-1.lbl.gov: mkdir test/t1
[391] adv-pc-1.lbl.gov: ll test/t1
total 4
drwxr-xr-x  2 jin  bin  512 Dec 15 14:11 ./
drwxr-x---  3 jin  bin  512 Dec 15 14:11 ../
[392] adv-pc-1.lbl.gov: chmod o-rx test/t1
[393] adv-pc-1.lbl.gov: ll test/t1
total 4
drwxr-x---  2 jin  bin  512 Dec 15 14:11 ./
drwxr-x---  3 jin  bin  512 Dec 15 14:11 ../

GOTO ROOT WINDOW
# ll /tmp/test
total 1
drwxr-x---  2 jin  bin  512 Dec 15 14:11 t1

# ll /tmp/test/t1


SWITCH back to user window

[394] adv-pc-1.lbl.gov: chgrp advdev test test/t1
[395] adv-pc-1.lbl.gov: ll test/t1
total 4
drwxr-x---  2 jin  advdev  512 Dec 15 14:11 ./
drwxr-x---  3 jin  advdev  512 Dec 15 14:11 ../
[396] adv-pc-1.lbl.gov: tar -cf - test | (cd ~; tar -xvf -)
 
test/
test/t1/
[397] adv-pc-1.lbl.gov: ll ~/test
total 12
drwxr-x---   3 jin  advdev   512 Dec 15 14:11 ./
drwxr-xr-x  58 jin  advdev  4096 Dec 15 14:13 ../
drwxr-x---   2 jin  advdev   512 Dec 15 14:11 t1/


SWITCH to root window ************************
# ll /tmp/test/t1
# ll ~jin/test
ls: test: Permission denied

SWITCH to user
[398] adv-pc-1.lbl.gov: chgrp bin ~/test

SWITCH to root
# ll ~jin/test
ls: test: Permission denied

>Fix:
	
	

>Release-Note:
>Audit-Trail:

From: dnelson@emsphone.com
To: freebsd-gnats-submit@freebsd.org, jin@adv-pc-1.lbl.gov
Cc: dnelson@emsphone.com
Subject: Re: kern/5305: access permission on foreign disk fails
Date: Thu, 15 Jan 1998 18:02:40 -0600 (CST)

 ># ll /tmp/test/t1
 ># ll ~jin/test
 >ls: test: Permission denied
 >
 >SWITCH to user
 >[398] adv-pc-1.lbl.gov: chgrp bin ~/test
 >
 >SWITCH to root
 ># ll ~jin/test
 >ls: test: Permission denied
 
 Most likely your Solaris system is set to map root access to uid -2,
 gid -2, to keep malicious people from breaking into NFS servers by
 cracking root on another machine.
 
 If you really want remote root users to be able to write willy-nilly to
 your NFS mounts, check the exports(5) man page on your NFS server to
 see what flags you need to set to allow root access.  On FreeBSD, it
 would be  -maproot=0
 
 	-Dan Nelson
 	dnelson@emsphone.com
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Tue Apr 21 17:13:51 PDT 1998 
State-Changed-Why:  
As A. Joseph Koshy pointed out, not allowing local root to
be remote root is a feature and not a bug.
>Unformatted:
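The root mapping described in the audit trail above, as an added example that is not part of the original PR: a simplified Python model of the server-side check, showing why client root (even as a member of advdev) is denied on a drwxr-x--- directory while the owner is not. It assumes the FreeBSD exports(5) semantics (the whole credential, groups included, is replaced by -2:-2) also describe the Solaris server; jin's uid 1001 and all function names are constructed for illustration.

```python
NOBODY = -2  # the "uid -2, gid -2" credential named in the reply


def server_cred(uid, gids, maproot=None):
    """Credential the NFS server applies to an AUTH_SYS request.

    maproot=None models the default export (root squashed to -2:-2).
    maproot=(uid, gids) models an export with -maproot set.
    Assumption: the whole credential is replaced, supplementary groups too.
    """
    if uid != 0:
        return uid, list(gids)
    if maproot is None:
        return NOBODY, [NOBODY]
    return maproot[0], list(maproot[1])


def may_access(cred, owner, group, mode, want):
    """Classic Unix check: exactly one of owner/group/other bits applies."""
    uid, gids = cred
    if uid == 0:
        return True  # unsquashed root bypasses the mode bits
    if uid == owner:
        shift = 6
    elif group in gids:
        shift = 3
    else:
        shift = 0
    return (mode >> shift) & want == want


# Constructed values: the PR does not show jin's uid; 1001 is a placeholder.
JIN_UID, ADVDEV_GID = 1001, 100  # advdev=100 comes from the `id` output
TEST_DIR = dict(owner=JIN_UID, group=ADVDEV_GID, mode=0o750)  # drwxr-x---
ROOT_GIDS = [0, 2, 3, 4, 5, 10, 31, 100, 144]  # root's groups in the PR
R_X = 0o5  # read + search, what `ls` needs on a directory


def can_list(uid, gids, maproot=None):
    """Would the server let this client credential list ~jin/test?"""
    return may_access(server_cred(uid, gids, maproot), want=R_X, **TEST_DIR)


if __name__ == "__main__":
    print("jin              :", can_list(JIN_UID, [ADVDEV_GID]))
    print("root, default    :", can_list(0, ROOT_GIDS))
    print("root, -maproot=0 :", can_list(0, ROOT_GIDS, maproot=(0, [0])))
```

The second case reproduces the "Permission denied" in the report: root's client-side membership in advdev never reaches the server, so only the "other" bits apply.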
